Starter Edition - General Questions

Q: What types of input data streams does Cloudamize support?

A: Cloudamize supports VMware ESX/ESXi environments, Microsoft Hyper-V, and physical servers (Windows and Linux).

Q: Which IaaS providers does Cloudamize support?

A: Cloudamize supports Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

Q: Does Cloudamize support standalone ESXi?

A: No, Cloudamize only supports ESXi through vCenter.

Q: What is the assessment life cycle?

A: See the following:

Q: Do we have any visibility via Cloudamize on what traffic goes via the Netscaler?

A: Network application inter-connectivity is based on the connections (local IP and foreign IP) observed in each machine. If we see a foreign IP for Netscalers, we will detect that connection. Usually, firewall/security appliances (e.g., Netscalers) are invisible because they implicitly monitor traffic in the intermediate path. They are not the local IP or foreign IP.

Q: Could you please explain how cache memory is measured and processed in the reports at the end of the measurements?
A. Cloudamize queries the OS directly on cached memory, but does not display this info directly in the results. The Sizing results consider cache memory usage when determining memory usage. Memory usage = Total memory - free Memory - cached. The only related metric we expose is the peak used memory in the infrastructure details. Currently Available (GB): Available memory on the customer’s machine. Peak Used (GB): 95th percentile of all observed/adjusted daily peak memory usage on the customer machine.

Q: Are network-layer vulnerability scans completed regularly as prescribed by industry best practices Please describe scope/coverage scan areas?

A. Yes, all assets on weekly basis

Q: Do Cloudamize regularly undertake a patching regime on their server estate?

A. Every 4 weeks or earlier if required

Q: What monitoring tools are in place in terms of DLP (Data Loss Prevention) and intrusion detection?

A. Alert Logic. IDS/Log management

Q: Does Cloudamize capture the PAAS services details and how will it capture?

A. Cloudamize do not collect any PAAS service details in general. Only Infrastructure details to provide respective recommendations on the desired cloud.

Q: Will CloudAmize gather the SSIS packages installation details on the server?

A. Unfortunately, Cloudamize does not gather the SSIS packages installation details on the server

Q: Does cloudamize supports SAML authentication?

A. The Cloudamize is not designed to use SAML authentication, and only supports the username/password method for now.

Q: The user doesn't want to send their data to Cloudamize SaaS server, is there a way to store the data locally in their premises and do assessment on top of it?

A. This is not possible, as the data needs to exist in our collection databases for us to perform processing tasks, and to make it available to view on the portal.

Q: Will SSE server credentials be required to complete the machines discovery?

A. No, SSE( (Secure Socket Extension) credentials are not required for machine discovery process and communication to the Cloudamize end point servers.

Q: Regarding UDP Firewall rules which delivered in the Cloudamize results, are they captured for Inbound or Outbound traffic, can you please confirm?

A. As the UDP is connectionless, we don't track inbound/outbound for these ports, instead, we are getting the data from a table that includes local IP and port information. These are the ports that the server is listening for UDP transmissions on, and from where.

Q: Does Cloudamize include the license costs for Oracle Linux and RHEL instances?

A. The BYOL doesn’t include Oracle Linux and RHEL. The License cost is about SQL.

Q: Can we look or access the NAS storage through Cloudamize? Can we collect data from NAS device ?

A. We can collect this data but we don't collect it directly from the NAS device (since they normally don't have a full OS, we can't install an agent on them directly). We do collect data from all of the logical disks on a server so if a server has a NAS mounted as a logical drive, we will collect the the data when we run data collection on the server.

Q: Does Cloudamize support AIX OS?

A. No, Cloudamize doesn't support AIX. The agent can't be installed on them.

Q: Does the Cloudamize capture certificate information from the nodes?

A. No, Cloudamize doesn’t capture certificate-related information from the nodes.

Q: Why does Cloudamize require Admin permission for installation?

A. Cloudamize Windows Agent (CWA) process will run as SYSTEM account. That is why Admin permission is required to install it.

Q: Does “supported versions of OpenSSL” mean supported by the agents or by the OpenSSL Software Foundation?

A. Supported means officially supported by OpenSSL. To simplify the minimum supported version is v3.0.0. Version 1.1.1 was previously supported and may still work, but we cannot guarantee this and would advise 3.0.0 for security purposes.

Q: What is the Cloudamize data destruction policy once the data analysis is complete?

A. We delete user’s data from Database after 76 days from the expiration. For the next 14 days, data will be available in backups. After 90 days, data will not be available in backups. All(raw and cooked) collected data will be deleted from the system.

Q: Does Cloudamize capture the licensing information of Red Hat shop?

A. No, Cloudamize currently does not capture the Red Hat shop licensing information

Q: How will the communication of applications between servers be captured?

A. Application communication data is captured from the OS directly. No packet interception takes place, we’re only looking at ports, source and destination IPs where available to the OS, times and durations of communications, and sizes of communications. The communications content is not captured.

Q: What is the data retention policy? and When is data effectively deleted?

A. We delete user’s data from Database after 76 days from the expiration. For the next 14 days, data will be available in backups. After 90 days, data will not be available in backups. All(raw and cooked) collected data will be deleted from the system.

Q: Are the Inbound/Outbonds Firewall rules collected, if they are really from firewall rules configured on the machines (for eg:, if the list is got from Firewall rules list of Windows) or if those records are collected checking if the ports were open during the collection time?

A. The Firewall Rules report is built using port data from application connections detected during the data collection phase. The agent does not query firewalls directly, rather it uses the ports identified from process data to build an image of required firewall ports.

Q: Will Cloudamize gather the auditing details on the database?

A. Cloudamize can provide Limited auditing details around performance and peak utilization for rightsizing of machines and licenses, nothing further than that.

Q: Does Cloudamize support data collection from Citrix enviornment?

A. Certain types of Citirix environment are not supported for data collection; if the environment uses dynamic server creation then it is not compatible with Cloudamize, as servers that are spun up and down are created with different UUIDs each time, and would register as a new server on the Cloudamize portal each time.

If the entire environment uses static servers then data collection will function; the customer would need to use Agents or Agentless Data Collectors in this case.

Q: Does Cloudamize support the use of SSH keys for authentication on Linux servers, instead of entering a username and password?

A. The Cloudamize Agentless Data Collector or Agent is not designed to use public keys, and only supports username/password method for now.

Q: Are the environment and the command line transmitted to the cloud service when processes are scanned? Secrets could in principle become visible here?

A. No. Only data used for processing results is sent to the Cloudamize servers after being gathered and formatted locally. Transmitted data is encrypted prior to transmission.

Q: How do I delete the legacy asset once the desired machines are moved to new asset in the Cloudamize tool?

A. The asset group will be removed from the migration planner once you move all the machines from the current group to the new asset group. Once you log out and back in, the Migration Planner should show the changes.

Q: What is it considered for the predicted Peak CPU utilization to be lower than current Peak CPU utilization? Is that considering the most advanced/next generation capabilities of the AWS instances compared to On Prem VMs?

A. This is design dependent. Our default designs use a service level target maximum of 80% CPU utilisation on cloud, and we recommend based on this, but custom designs can move this needle as required. Again, CPU performance is only one metric by which our recommendations are made, so another factor may be the main one determining the instance recommended (the Constraint column in the compute tab lists the primary consideration, but not the only one).

Q: Do you have the ability to logically segment or encrypt customer data such that data may be accessed by the particular customer only, without inadvertently accessing another customer's data?

A. Customer data is segmented in separate databases, access to any customer data is by portal only, where user account logins are unique (eg the same email address cannot be used for more than one assessment). 2FA is available to further prevent unauthorised access, and each assessment is assigned a unique customer identifier that is never re-used.

Q: Does Cloudamize AWS pricing get actively pulled via API or do we have it hard coded into our algorithm?

A. The Cloudamize algorithm does not hardcode the AWS pricing but rather uses a written service to pull the AWS pricing from the database. Please note that Cloudamize uses a Pricing collector app that updates our AWS pricing database every month.

Q: Is deployment using an orchestration platform such as Ansible supported with Cloudamize?

A. Such methods/platforms can be used, however Cloudamize does not offer any official support with the installation process.

Q: For some reason, OTP is enabled for my Cloudamize console login with email address, but I never configured it so I cannot log in?

A. If the same email address was used previously for another assessment login with OTP/TFA turned on, there’s a chance that the setting would remain when you re-use the email for another assessment.

Q: What is the Network bandwidth usage of Agentless Data Collector?

A. If all 500 remote hosts are communicating simultaneously with the ADC, 200KB/s of bandwidth is allocated to each host, which should be sufficient for the communication. In practice, the actual bandwidth usage per host is typically much lower than the allocated 200KB/s.

Q: What is the criteria for recommending RDS for all standard licenses? What is the cost difference if we opt for SQL Server on EC2 instead?

A. RDS recommendations are enabled by a toggle in the designer section. OLA 8 uses this toggle as a default design, but it is configurable for any custom design. The toggle is under the Compute Tuning section, “Workload based tuning: RDS”. Enabling it enables RDS recommendations where ever appropriate. Any direct cost queries should be directed to AWS.

Q: Which EBS storage type will be considered for EC2 instances, and what is the criteria for choosing them? For example, Throughput Optimized HDD is also a suitable choice for Big Data processing workloads depending on the use case.

A. Storage type considerations are also configurable in designer. Their base values for default designs can be found in this document. For the most part GP3 storage type is considered, as it is usually the cheapest option, but other options include GP2, ST1, SC1, and IO1. Bucketless storage can also be toggled in custom designs.

Q: Does Cloudamize support predicted Gartner/IDC costs?

A. Cloudamize doesn’t currently support any integrations with Gartner or IDC. Our TCO calculations are based solely on the specific IaaS providers offerings that we support currently (AWS, Azure, GCP), without 3rd party integrations relating to these providers. Additionally, queries about our services and offerings can be sent directly to sales@cloudamize.com who may be able to advise on alternatives.

Q: Do we have any specific requirements to be met on installing MGN agents via Cloudamize. Are there any pre-requisites that we need to know before following the guide from Cloudamize?

A. Our documentation covers the Cloudamize integration with AWS' MGN service'. For support and advice on using MGN itself, we would recommend contacting AWS directly. Note the following line from the linked document Migrate with AWS Application Migration Service (MGN):

“Note: Cloudamize does not ensure that the prerequisites for MGN agents are met. In cases where installation via the console cannot be completed, please follow the MGN installation instructions for a command line-based installation.”

Q: Is it possible to use cloudamize tool, even if the customer is already on the cloud?

A. Yes, Cloudamize can analyze and optimize existing cloud deployments, even if the customer is already in the cloud. While Cloudamize tools can be installed on other clouds, it is currently optimized for AWS, Azure, and GCP. All usual requirements must be met for installation and functionality. For any further questions about Cloudamize product, we would request you to contact our sales team at sales@cloudamize.com.

Q: How long the machines would be idle to decide whether to go for on-demand vs RI(Reserved Instances)? when uptime for all instances is recorded as 100%.

A. We keep track of the machine on-off and 100% means that the machine was on 100% during the data collection period.

• On Time (%)

This is the observed on-time

• Recommended Daily ON Time (%)

Based on CPU usage, we show the % of time in a day that the machine needs to be turned on. For example, if we see the machine is using CPU on Monday from 1:00-2:00 and Tuesday from 4:00-5:00, so our recommendation is based on the machine being turned on every day from 1:00-2:00 and 4:00-5:00 which is XX% of the day.

• Recommended Weekly ON Time (%)

Based on CPU usage, we show the % of time in a week that the machine needs to be turned on. Using the same example above, our recommended schedule would be to turn the machine on Monday from 1:00-2:00 and on Tuesday from 4:00-5:00 which is XX% of the week. This recommendation is more precise than the Daily on Time, assuming that the usage patterns are consistent and can be trusted.

Q: How to understand on what basis the sql server licenses were optimized?

A. We find that a machine has SQL edition (e.g., standard, enterprise). For BYOL case (e.g., OLA 2 plan), there is no SQL server licenses cost. For non-BYOL case (e.g., OLA 10 plan), the recommended instance type for the machine gives us the number of vCPU and based on that, SQL server license cost is computed. Currently, AWS does not support a reduced number of cores for the reduction of SQL server license costs.

Q: How will be the cost optimization recommendations when migrating from veeam backup to aws backup etc?

A. We don’t have a recommendation for a backup service (veeam) to AWS backup. We recommend backup servers to AWS instance types based on the backup server’s workload.

Q: Does Cloudamize consider different cost optimisation for backups? and would there be any metrics for backups?

A. No, we don’t consider different cost optimization for backup servers. No special metrics for backup servers.

Q: Does Cloudamize support the automated conversion of cloud services, such as mapping Azure services to their AWS equivalents?

A. While we don’t have a specific service for this, Cloudamize is capable of gathering data from cloud instances such as Azure, assuming the instances meet our compatibility requirements, and then providing instance recommendations for another cloud provider. In this case, a standard assessment will perform the task.